If you configure SAS^® 9.4 with SSL during initial configuration, you can access the SAS Content Server dircontents.jsp file from the following URL with no problem.

However, you cannot access the dircontents.jsp file when you do either of the following:

• You make a change to use SSL after the initial configuration.
• You integrate an existing external SSL proxy (that is, you require support for internal and external URLs).

When this problem occurs, the following errors are generated:

• In the browser:

HTTP Status 404 - /SASContentServer/casfailed.jsp

type Status report

message /SASContentServer/casfailed.jsp

description The requested resource is not available

• In the Web Server access.log file:

Http 404 error and CAS ticket validation failures in WebServer access log:

30.128.99.3 - - [24/Jan/2014:12:50:31 -0500] "GET /" 200 966
30.128.99.1 - - [24/Jan/2014:12:50:31 -0500] "POST /SASLogon/login;67c531ac39be38ca88e98113814169bf_Cluster1=4D34B36023165CDD1FCE44418C8CD4C9.67c531ac39be38ca88e98113814169bf_SASServer1_1?service=h
ttps%3A%2F%%3A443%2FSASContentServer%2Fj_spring_cas_security_check HTTP/1.1" 302 -
30.128.99.1 - - [24/Jan/2014:12:50:32 -0500] "GET /SASLogon/serviceValidate?service=https%3A%2F%%2FSASContentServer%2Fj_spring_cas_security_check&ticket=ST-3-BxlRFohJxaX
3wxzhKdoo-cas HTTP/1.1" 200 493
30.128.99.1 - - [24/Jan/2014:12:50:32 -0500] "GET /SASContentServer/j_spring_cas_security_check?ticket=ST-3-BxlRFohJxaX3wxzhKdoo-cas HTTP/1.1" 302 -
30.128.99.1 - - [24/Jan/2014:12:50:32 -0500] "GET /SASContentServer/casfailed.jsp HTTP/1.1" 404 1083

• In the SAS^® Web Application Server (SASServer1_1) server.log file:

2014-01-29 09:57:18,013 [tomcat-http--30] ERROR org.jasig.cas.CentralAuthenticationServiceImpl - ServiceTicket [ST-242-dZbRc6nR9TzLg1caXCYf-cas] with service 
[https://:443/SASContentServer/j_spring_cas_security_check does not match supplied service 
[https:///SASContentServer/j_spring_cas_security_check]

To solve this problem, follow the steps below:

1. Configure Java options for SAS Content Server, as follows:

For Microsoft Windows Operating Environments

1. Locate the wrapper.conf file that resides in SAS-configuration-directory/Lev1/Web/WebAppServer/SASServerx_x/conf/.
2. Add the following Java virtual machine (JVM) parameters under the # Java Additional Parameters section:
wrapper.java.additional.N=-Dsas.scs.cas.scheme=https -Dsas.scs.cas.host=host-name -Dsas.scs.cas.port=port-number -Dsas.scs.svc.scheme=https -Dsas.scs.svc.host=host-name -Dsas.scs.svc.port=port-number

General Notes:

• In the wrapper.java.additional.N= parameter, N specifies the actual number of your wrapper parameter.
• Set the appropriate host-name values for the Central Authentication Server (-Dsas.scs.cas.host=host-name) and the Service Server (-Dsas.scs.svc.host=host-name), if those host values are different from the originally configured values. For example, the default host is the SAS 9.4 Web Server. But if you are using an external web server, you need to change the host-name value to the value for that external web server.

Note for SAS^® 9.4 TS1M0 and TS1M1

Set the Central Authentication Server and Service Server values for port-number accordingly if those values are different from originally configured values. The values for -Dsas.scs.cas.port= and -Dsas.scs.svc.port= parameters are text strings. They must contain the colon if you are using a port other than a default port. That is, the colon is required for any value other than 80 for HTTP or any value other than 443 for HTTPS. For example, if you use the default port (80), the parameter is written as follows, with no value within the text-string quotation marks:

-Dsas.scs.cas.port=""

But if you are using a non-default port (for example, 8125), you must use the colon, as shown in this parameter:

-Dsas.scs.cas.port=":8125"
.

Note for SAS^® 9.4 TS1M2

In the second maintenance release for SAS 9.4 (TS1M2), the way you present the Central Authentication Server and Service Server port-number values is different than for TS1M0 and TS1M1. The values are not enclosed in quotation marks, and you do include the actual port value for the default port. For example, if you use the default port 443, the parameter is written as follows:

-Dsas.scs.cas.port=443

If you use a non-default port for the Central Authentication Server (for example 8125), the parameter is written as follows:

-Dsas.scs.cas.port=8125

For UNIX Operating Environments:

1. Locate the setenv.sh script file that resides in SAS–configuration–directory/Lev1/Web/WebAppServer/SASServerX_X/bin/.
2. Append the following JVM parameters in JVM_OPTS="" section.
-Dsas.scs.cas.scheme=https -Dsas.scs.cas.host=host-name -Dsas.scs.cas.port=port-number -Dsas.scs.svc.scheme=https -Dsas.scs.svc.host=host-name -Dsas.scs.svc.port=port-number

General Note: For the parameters shown in the example above, set the appropriate host–name values for Central Authentication Server (-Dsas.scs.cas.host=host–name) and the Service Server (Dsas.scs.svc.host=host–name), if those host values are different from the originally configured values. For example, the default host is the SAS 9.4 Web Server. But if you are using an external web server, you need to change the host-name value to the value for the external server.

Note for SAS^® 9.4 TS1M0 and TS1M1:

Set the Central Authentication Server and Service Server values for port-number accordingly if those values are different from originally configured values. The values for the -Dsas.scs.cas.port= and -Dsas.scs.svc.port= parameters are text strings. They must contain the colon if you are using a port other than a default port. That is, the colon is required for any value other than 80 for HTTP or any value other than 443 for HTTPS. For example, if you use the default port (80), the parameter is written as follows, with no value within the text-string quotation marks:

-Dsas.scs.cas.port=""

But if you are using a non-default port (for example, 8125), you must use the colon, as shown in this parameter:

-Dsas.scs.cas.port=":8125"

Note for SAS^® 9.4 TS1M2:

In the second maintenance release for SAS 9.4 (TS1M2), the way you present the Central Authentication Server and Service Server port-number values is different than for TS1M0 and TS1M1. The values are not enclosed in quotation marks, and you do include the actual port value for the default port. For example, if you use the default port 443, the parameter is written as follows:

-Dsas.scs.cas.port=443

If you use a non-default port for the Central Authentication Server (for example 8125), the parameter is written as follows:

-Dsas.scs.cas.port=8125
2. Modify the URL in the SAS 9.4 Content Server web.xml file, as follows. (Note: Perform this step ONLY for SAS 9.4 TS1M0.(
   1. Locate the web.xml file that resides in SAS–configuration–directory/Lev1/Web/WebAppServer/SASServer1_1/sas_webapps/sas.svcs.scs.war/WEB-INF/.
   2. In the following <init–param> element, modify <param–value> as follows:

      For the default port 443:

      <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://host-name/SASLogon</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://host-name</param-value> </init-param>

      For the non-default port 8125:

      <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://host-name:8125/SASLogon</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://host-name:8125</param-value> </init-param>
   3. Restart SASServer1_1 (or SASSever1_n) where your SAS Content Server application is configured.
   
   
   

   Operating System and Release Information

   Product Family	Product	System	Product Release		SAS Release
   			Reported	Fixed*	Reported	Fixed*
   SAS System	SAS Enterprise BI Server	Microsoft® Windows® for x64	9.4		9.4 TS1M0
   		Microsoft Windows 8 Enterprise x64	9.4		9.4 TS1M0
   		Microsoft Windows 8 Pro x64	9.4		9.4 TS1M0
   		Microsoft Windows 8.1 Enterprise 32-bit	9.4		9.4 TS1M0
   		Microsoft Windows 8.1 Enterprise x64	9.4		9.4 TS1M0
   		Microsoft Windows 8.1 Pro	9.4		9.4 TS1M0
   		Microsoft Windows 8.1 Pro 32-bit	9.4		9.4 TS1M0
   		Microsoft Windows Server 2008 R2	9.4		9.4 TS1M0
   		Microsoft Windows Server 2008 for x64	9.4		9.4 TS1M0
   		Microsoft Windows Server 2012 Datacenter	9.4		9.4 TS1M0
   		Microsoft Windows Server 2012 R2 Datacenter	9.4		9.4 TS1M0
   		Microsoft Windows Server 2012 R2 Std	9.4		9.4 TS1M0
   		Microsoft Windows Server 2012 Std	9.4		9.4 TS1M0
   		Windows 7 Enterprise x64	9.4		9.4 TS1M0
   		Windows 7 Professional x64	9.4		9.4 TS1M0
   		64-bit Enabled AIX	9.4		9.4 TS1M0
   		64-bit Enabled Solaris	9.4		9.4 TS1M0
   		HP-UX IPF	9.4		9.4 TS1M0
   		Linux for x64	9.4		9.4 TS1M0
   		Solaris for x64	9.4		9.4 TS1M0
   		Microsoft Windows 8 Enterprise 32-bit	9.4		9.4 TS1M1
   		Microsoft Windows 8 Pro 32-bit	9.4		9.4 TS1M1
   		Microsoft Windows Server 2008	9.4		9.4 TS1M1
   		Windows 7 Enterprise 32 bit	9.4		9.4 TS1M1
   		Windows 7 Home Premium 32 bit	9.4		9.4 TS1M1
   		Windows 7 Home Premium x64	9.4		9.4 TS1M1
   		Windows 7 Professional 32 bit	9.4		9.4 TS1M1
   		Windows 7 Ultimate 32 bit	9.4		9.4 TS1M1
   		Windows 7 Ultimate x64	9.4		9.4 TS1M1

   * For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.